Hi all,
I was wondering if someone can point me in the right direction
regarding creating custom connection logs in Bro. I'm sorry in
advance if this is a question that has already been asked before, but
I could not find the answer or anything remotely close to an answer.
I want to add some fields to the current conn.<tag>.log files (for
instance, TCP sequence numbers) for all TCP connections, or I want to
create new connection log files with new fields. I have written a new
function (similar to record_connection()) in the <hostname>.bro file,
as well as a new event calling that function. The log files get
created, but nothing is ever logged into them.
I guess my question would be: how do I create an event calling this
function that will just record all TCP network traffic into customized
log files? I really don't want to do anything special to it; I just
want to log the traffic in the format I defined in the function. I
have been using the pkt_hdr, ip_hdr, tcp_hdr and udp_hdr data types
from bro.init to add additional fields in fmt(). If you can just give
me a quick outline of the event that would do that, it would help
tremendously; I can do the rest myself.
I hope this is enough information; if not, please let me know. Thank
you in advance for any help.
Regards,
Alen
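An added example, written by the editor and not taken from Alen's post or from the Bro distribution, of what the event side of this can look like in the pre-2.0 Bro scripting language the post is using. It hooks the `new_packet` event (which carries the `pkt_hdr` record mentioned above and fires for every packet once a handler is defined), keeps only TCP packets, and writes one line per packet, including the raw sequence and acknowledgement numbers from `tcp_hdr`, to a file opened with `open_log_file()`. The log tag `tcpseq`, the column layout and the handler body are the editor's own choices, not anything from the original post.

```bro
# Added example: per-packet TCP sequence-number log for pre-2.0 Bro.
# Not part of Alen's post or of the Bro distribution; the tag "tcpseq"
# and the column layout below are assumptions made for illustration.

# open_log_file() (from bro.init) names the file with the usual
# <tag>.<hostname-or-timestamp>.log scheme, like conn.<tag>.log.
global tcpseq_log = open_log_file("tcpseq") &redef;

# Bro buffers file output and normally flushes on exit. Turning
# buffering off makes lines appear immediately, which is handy while
# checking that the handler actually fires; leave it on for production.
event bro_init()
	{
	set_buf(tcpseq_log, F);
	print tcpseq_log, "# ts\torig_h\torig_p\tresp_h\tresp_p\tdir\tseq\tack\tflags\tdl";
	}

# The record the author describes: formats one packet. p$tcp is an
# &optional field of pkt_hdr, so it is only read after checking that
# the IP protocol number is 6 (TCP).
function log_tcp_packet(c: connection, p: pkt_hdr)
	{
	# new_packet does not carry is_orig; derive direction from the
	# packet's source against the connection's originator endpoint.
	local is_orig = p$ip$src == c$id$orig_h && p$tcp$sport == c$id$orig_p;

	print tcpseq_log, fmt("%.6f\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t%d",
		network_time(),
		c$id$orig_h, c$id$orig_p,
		c$id$resp_h, c$id$resp_p,
		is_orig ? ">" : "<",
		p$tcp$seq,    # raw 32-bit sequence number from the header
		p$tcp$ack,    # raw acknowledgement number
		p$tcp$flags,  # flag bits as a count (SYN=2, ACK=16, ...)
		p$tcp$dl);    # TCP payload length
	}

# This is the event the question asks for: new_packet is generated for
# every packet as soon as a handler exists, so nothing else needs to be
# enabled. Filtering on the IP protocol number keeps UDP/ICMP out.
event new_packet(c: connection, p: pkt_hdr)
	{
	if ( p$ip$p == 6 )
		log_tcp_packet(c, p);
	}
```

Load it from the host policy file with `@load tcpseq` (or pass it on the `bro` command line) and the handler runs for every packet Bro sees. Two caveats a practitioner would want: `new_packet` is a very low-level event and handling it costs noticeably on busy links, so it is better suited to targeted captures than to a permanent sensor, and the same data is also available through the `tcp_packet` event, which delivers the sequence and acknowledgement numbers as `count` arguments and the flags already rendered as a string, at the same per-packet cost.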